too long
this is my first question here,i'm hoping not to do it wrong.
Im using a simple form in my website, here is the mailer php code:
<?php
$name = $_POST['name'];
$email = $_POST['email'];
$message = $_POST['message'];
$from = 'xxxxx';
$to = 'xxxx@xxxx.com';
$subject = 'xxxxx';
$human = $_POST['human'];
$body = "De: $name
E-Mail: $email
Mensaje:
$message";
if ($_POST['submit']) {
if ($name != '' && $email != '') {
if ($human == '4') {
if (mail ($to, $subject, $body, $from)) {
echo '<p>Su mensaje ha sido enviado correctamente!</p>';
} else {
echo '<p>Ocurrió un error, porfavor vuelva e intentlo de nuevo!</p>';
}
} else if ($_POST['submit'] && $human != '4') {
echo '<p>Su respuesta anti-spam es incorrecta!</p>';
}
} else {
echo '<p>Por favor, rellene todos los campos obligatorios!!</p>';
}
}
?>
1) I would like to redirect to index after the Thank you message!! i cant find the way to do it though.
2) And if its possible, point me in the right direction to improve the Anti-spam system.
Thanks in advance!! ;)
You can use the php header function:
header('Refresh: 2; url=http://google.com');
2 (after Refresh:) is the number of second and url the url. (which can also be relative to your domain like: "/success.php")
Regarding your Antispam system: I can't say much about it, because I only see that you get the POST value. (but not where it comes from or what it is) But google "Captchas" or Howtos to get an idea on how to make them.
You can indeed redirect using the php header as stated by SimonEritsch. However, take care to NOT redirect if there is a problem with the form as you will most likely need to show/re-render the form again to allow the user to correct the error. only redirect away on success.
You could also use the header("Location:myResponsePage.php") which is immediate, rather than incorporating a delay.
There are a variety of methods you can employ in an attempt to limit spam/bots from processing the form. These range from captures such as that from Google (again as mentioned below by SimonEritsch) to implementing your own additional checks either side of your form. For example:
- Check the referrer is actually the submission page on your own site and that the data does not come from elsewhere.
- Perhaps create a session variable at some other stage in the process that must be visited before submitting the form. You can then also pass that as a hidden form variable. If the passed value is incorrect or the session value does not exist then all processes probably haven't been followed.
- There is a simple "blank field" trick but I personally wouldn't recommend JUST doing that. Interesting though.
There are lots of things you can employ. Have a good look around such as this post "Stop spam without Captcha" or Practical non-image based CAPTCHA approaches both here on SO.
In your code you can use a PHP header in order to make the page redirect, but however you're probably going to want to incorporate a delay so the user sees the 'Thank You' message.
For example, you can use this:
<?php
$name = $_POST['name'];
$email = $_POST['email'];
$message = $_POST['message'];
$from = 'xxxxx';
$to = 'xxxx@xxxx.com';
$subject = 'xxxxx';
$human = $_POST['human'];
$body = "De: $name
E-Mail: $email
Mensaje:
$message";
if ($_POST['submit']) {
if ($name != '' && $email != '') {
if ($human == '4') {
if (mail ($to, $subject, $body, $from)) {
echo '<p>Su mensaje ha sido enviado correctamente!</p>';
$redirSec = 3;
$redirPage = "http://example.com/secretarea";
header("Refresh: ". $redirSec ."; url=". $redirPage);
} else {
echo '<p>Ocurrió un error, porfavor vuelva e intentlo de nuevo!</p>';
}
} else if ($_POST['submit'] && $human != '4') {
echo '<p>Su respuesta anti-spam es incorrecta!</p>';
}
} else {
echo '<p>Por favor, rellene todos los campos obligatorios!!</p>';
}
}
?>
As for your anti-spam human verification, you should try using a Recaptcha solution such as the one offered by Google that requires the user to click the I'm not a robot box in order to proceed:
